From 6d83f5614a5273ff53f1ddc5f4c614460e228993 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 30 Jan 2019 16:40:15 +0300
Subject: fix user deletion flow when invalid key is present

---
 .../java/com/juick/server/SignatureManager.java    | 45 +++++++++++-----------
 1 file changed, 23 insertions(+), 22 deletions(-)

(limited to 'src/main/java/com/juick/server/SignatureManager.java')

diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java
index 032f71ee..c863ae0f 100644
--- a/src/main/java/com/juick/server/SignatureManager.java
+++ b/src/main/java/com/juick/server/SignatureManager.java
@@ -86,32 +86,33 @@ public class SignatureManager {
 
     public User verifySignature(String method, String path, Map<String, String> headers) {
         String signatureString = headers.get("signature");
-        if (StringUtils.isNotEmpty(signatureString)) {
-            logger.info("Signature: {}", signatureString);
-            Signature signature = Signature.fromString(signatureString);
-            Optional<Context> context = getContext(URI.create(signature.getKeyId()));
-            if (context.isPresent() && context.get() instanceof Person) {
-                Person person = (Person) context.get();
-                Key key = KeystoreManager.publicKeyOf(person);
+        logger.info("Signature: {}", signatureString);
+        Signature signature = Signature.fromString(signatureString);
+        Optional<Context> context = getContext(UriComponentsBuilder.fromUriString(signature.getKeyId())
+                .fragment(null).build().toUri());
+        if (context.isPresent() && context.get() instanceof Person) {
+            Person person = (Person) context.get();
+            Key key = KeystoreManager.publicKeyOf(person);
 
-                Verifier verifier = new Verifier(key, signature);
-                try {
-                    boolean result = verifier.verify(method, path, headers);
-                    logger.info("signature of {} is valid: {}", signature.getKeyId(), result);
-                    if (result) {
-                        User user = new User();
-                        user.setUri(URI.create(person.getId()));
-                        if (key.equals(keystoreManager.getPublicKey())) {
-                            return userService.getUserByName(person.getName());
-                        }
-                        return user;
-                    } else {
-                        return AnonymousUser.INSTANCE;
+            Verifier verifier = new Verifier(key, signature);
+            try {
+                boolean result = verifier.verify(method, path, headers);
+                logger.info("signature of {} is valid: {}", signature.getKeyId(), result);
+                if (result) {
+                    User user = new User();
+                    user.setUri(URI.create(person.getId()));
+                    if (key.equals(keystoreManager.getPublicKey())) {
+                        return userService.getUserByName(person.getName());
                     }
-                } catch (NoSuchAlgorithmException | SignatureException | IOException e) {
-                    logger.warn("Invalid signature {}", signatureString);
+                    return user;
+                } else {
+                    return AnonymousUser.INSTANCE;
                 }
+            } catch (NoSuchAlgorithmException | SignatureException | IOException e) {
+                logger.warn("Invalid signature {}", signatureString);
             }
+        } else {
+            logger.warn("Unknown keyId");
         }
         return AnonymousUser.INSTANCE;
     }
-- 
cgit v1.2.3